← Back

CVE-2012-10023

nvd nist
Published: Aug 5, 2025Modified: Sep 3, 2025

JSON object

Loading...
6.9
Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: disclosure@vulncheck.com (Secondary)

Description

A stack-based buffer overflow vulnerability exists in FreeFloat FTP Server version 1.0.0. The server fails to properly validate input passed to the USER command, allowing remote attackers to overwrite memory and potentially execute arbitrary code. The flaw is triggered by sending an overly long username string, which overflows the buffer allocated for user authentication.

Affected (1)

Freefloat
1 product
Freefloat Ftp Server
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Freefloat Ftp Server
Version 1.0

Related CWEs

CWE-121
Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

References (8)

Source: disclosure@vulncheck.com
Third Party Advisory
Source: disclosure@vulncheck.com
Exploit
Source: disclosure@vulncheck.com
Third Party Advisory
Source: disclosure@vulncheck.com
Product
Source: disclosure@vulncheck.com
Exploit
Source: disclosure@vulncheck.com
Exploit
Source: disclosure@vulncheck.com
Third Party Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Exploit

Timeline

No history available yet.